[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Alt-N WebAdmin Source Code Disclosure



Vulnerable:     v3.3.3
Vendor:         www.altn.com
Category:       Environment Error

Vulnerable
========
Alt-N WebAdmin 3.3.3
U-Mail for Windows V9.8 
U-Mail GateWay for Windows V9.8

Details:
=========
A source code disclosure vulnerability exists with Alt-N WebAdmin Server.
Remote attacker can be exploited to disclose the source code by appending "%2e" 
or "%20" to a URI.
Test on U-Mail for Windows V9.8 and U-Mail GateWay for Windows V9.8

POC: 
=========
http://ip:1000/login.wdm%20
http://ip:1000/login.wdm%2e

Reference:
=========
www.comingchina.com/download.html
http://www.nansec.com/